Full-Disclosure Wins Again 122
twistedmoney99 writes "The full-disclosure debate is a polarizing one. However, no one can argue that disclosing a vulnerability publicly often results in a patch — and InformIT just proved it again. In March, Seth Fogie found numerous bugs in EZPhotoSales and reported it to the vendor, but nothing was done. In August the problem was posted to Bugtraq, which pointed to a descriptive article outlining numerous bugs in the software — and guess what happens? Several days later a patch appears. Coincidence? Probably not considering the vendor stated "..I'm not sure we could fix it all anyway without a rewrite." Looks like they could fix it, but just needed a little full-disclosure motivation."
How Software Works (Score:5, Funny)
2. Secretly, a team of crack programmers (or programmers on crack) develop the patch.
3. The patch sits in a repository until public outcry.
4. Public outcry.
5. Patch released... LOOK HOW FAST WE ARE!
Re:A bug only exists... (Score:5, Funny)
He fell into the sarchasm.
Re:A bug only exists... (Score:2, Funny)
Re:A bug only exists... (Score:5, Funny)
GIRL: But--
NARRATOR: Once and for all!
morality (Score:2, Funny)
Re:A bug only exists... (Score:1, Funny)
IMHO, knowing about specific software flaws is an advantage to everyone but the company that makes the software with the flaw. The people in power only "think" the way you describe because they get their power from the same companies that loose out when someone finds a flaw with that companies software.
Hand a policeman a $20 bill and help you around a law and you will go to jail for bribery. Hand a politician a $20 bill for the same thing and you will get your favorable treatment and get invited to dinner.